LulzSec hits 50+ porn sites, exposes user data

In their ongoing quest for laughs at the expense of everyone else, hacker group Lulz Security has hit a new type of target: Porn. The group announced on Friday that it had infiltrated 56 porn sites, stolen and posted administrative emails and published an additional 26,000 emails and passwords from users of Pron.com.

“Hi! We like porn (sometimes), so these are email/password combinations [sic] from pron.com which we plundered for the lulz,” the group wrote in a release on their website, which also contained all the stolen email addresses and passwords.

The user data posted by LulzSec cannot be used to access the porn website accounts. Instead, it simply exposes the users as watchers of porn. The group specifically pointed out users with government and military email addresses who had signed up for the porn site.

But hacking porn sites wasn’t all LulzSec did in the past 24 hours. In a seemingly uncharacteristic move (as if we could say what the character of LulzSec is in the first place, which we cannot), the group alerted the British National Health Service to its network’s password vulnerabilities, and took down Muslim terrorist website aljahad.com. (Admittedly, the latter appears to have been carried out as a jab against rival hacker “Th3 J35t3r,” who took down the same site on June 5.)

Since the attack on PBS.org on May 30, which involved posting a fake story about deceased rapper Tupac Shakur living in New Zealand, LulzSec’s following on Twitter — where the majority of its statements and communications are published — has exploded to more 120,000.

The group has even managed to gain a following amongst members of the “white hat” cyber security industry — the people supposed to be fighting against LulzSec and their ilk — simply because they’ve so successfully made clear that most digitally stored data is woefully exposed.

“LulzSec is running around pummeling some of the world’s most powerful organizations into the ground… for laughs! For lulz! For shits and giggles!” writes security expert Patrick Gray on Risky.biz. “Surely that tells you what you need to know about computer security: there isn’t any.”

So, who’s next on LulzSec’s list of unlucky entities? Who knows! But we’d wager that Sony’s on there somewhere.